PCI / CISP Compliance
*The definitive source for PCI information is available on the Visa, MasterCard, American Express and other credit card vendors’ websites, as follows:

VISA
www.visa.com (search for CISP) or, the direct link to… http://usa.visa.com/merchants/risk_management/cisp.html?it=searchQuicklink

M/C
http://www.mastercard.com/us/sdp/index.html (MasterCard SDP program)
http://www.webcasts.com/mastercardpci (MasterCard’s 360 degree view of PCI)
http://www.mastercard.com/us/merchant/security/what_can_do/index.html (What You Can Do as a Merchant)
http://www.mastercard.com/us/merchant/security/what_can_do/getting_started.html (Security Can-Do’s and Must-Do’s from MasterCard)

AMEX
https://www209.americanexpress.com/merchant/singlevoice/pdfs/en_US/DSOP_Merchant_US.pdf? (DSOP) American Express Data Security Operating Policy
http://www10.americanexpress.com/sif/cda/page/0,1641,24376,00.asp?us_nu=footer (

Discover
http://www.discovernetwork.com/fraudsecurity/disc.html (DISC) Discover Information Security and Compliance Program

JCB
http://www.jcb-global.com/english/pci/index.html (JCB PCI DSS) JCB Payment Card Industry Data Security Standard

Transposed & Corrected from source < http://www.pcianswers.com/resources/ >

*A collaborative and definitive source of information, updated on a regular basis, is the website of the standards organization, the PCI Security Standards Council, which publishes the “PCI DSS”, otherwise known as the Payment Card Industry Data Security Standards.

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The PCI Security Standards Council’s mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International.
Pasted from <https://www.pcisecuritystandards.org/index.shtml>

*I’ve previously found some web logs (a.k.a. “blogs”) which describe in detail the issues and information as they arrived, in relation to PCI Security & Compliance. This can provide loads of reading entertainment (if you like this stuff):
http://www.pcianswers.com/ (halted, apparently on March 14, 2010)
http://riskanalysis.riskmanagementinsight.com/ (most recent entry in August 2009)

*I’ve also found some more up-to-date and useful information in the following locations:
http://kohi10.wordpress.com/2010/03/15/data-breach-security-incidents-continue/
http://www.privacyrights.org/ar/ChronDataBreaches.htm

*A PCI vendor, Mercury Payment Systems, has some resources on their site which might prove useful, including videos. If you don't currently have regular PCI scans (required) or you want help in getting a PCI assessment/audit, please let us know.
http://go.mercurypay.com/pcipartner/resources.htm (Resource Information)

*The RSPA (Retail Solutions Providers Association) provides a real example of a loss situation:

*THIS VIDEO will give you a good view of what’s happening that could touch you. While it is a bit slanted toward scaring you into action, this could certainly happen to any business. If it puts you into action, then it has achieved its goal:
Part I of the RSPA PCI explanation
Part II of the RSPA PCI explanation
Follow up with data breach previously shown

Finally, on a lighthearted note, in case you want to know the way the world is going (think Brave New World and George Orwell’s 1984… it’s funny, but nearly true), check this out: http://aclu.org/pizza/images/screen.swf